German companies are only insufficiently able to protect their sensitive information from loss and misuse. This is one of the central results of a cybersecurity study by the research and analyst firm techconsult on behalf of Proofpoint.
The report entitled "Cybersecurity in Germany: Better protection of people and data" illustrates the extent of the problem. 57 percent of German companies had at least one data breach and/or the loss of sensitive information in the last 12 months.
17 percent of the companies surveyed even had to complain about several IT security incidents. One of the explanations for these results is the lack of even basic security measures. Only 48 percent of companies block access to sensitive data for specific employees or groups of employees and just under a quarter of companies (24,5 percent) do not even have an accurate overview of where their most sensitive data is stored.
Many companies lose sensitive data
"The results of techconsult's study are worrying," commented Bert Skaletski, Resident CISO for EMEA at Proofpoint. “Although we can generally observe a growing awareness of the diverse threats to cybersecurity, this has not yet translated into concrete information security measures. Even IT security solutions, which should actually be standard nowadays, are far from being used by every company.
For example, only 40 percent of the organizations surveyed have endpoint security technologies in place, and data loss prevention (DLP) software is no better. Especially in view of the geopolitical situation and growing threats, I can only call on companies and authorities to urgently take remedial action.”
Data misuse and loss of reputation
The techconsult study also shows the most serious consequences of data breaches, data loss and data misuse. More than 37 percent of companies have suffered a loss of reputation through data theft and data misuse. Companies with 1000 to 2000 employees often suffer from a loss of reputation after an IT security incident. Among the industries, retail has been hit hardest by reputational damage.
Another serious consequence for 35 percent of the IT security managers surveyed is the loss of important data cause long-term damage to businesses. Large companies with 42 or more employees are particularly badly affected at almost 5000 percent.
30 percent suffered financial damage
More than one in three companies (34 percent) has suffered direct or indirect financial damage as a result of a cybersecurity incident that took place in the last 12 months. Industrial companies are particularly affected with 40 percent. Only 3 percent of the companies surveyed do not complain of any consequences from data theft and misuse.
Key Findings of the Study
- Only 54 percent of the companies surveyed have email security technology in place that blocks some portion of email-borne threats. While 80 percent of banks and insurance companies already use this technology, only 41 percent do so in retail.
- The situation is even worse for cloud solutions: only 41 percent of companies have security solutions that protect cloud-based infrastructure and applications. Here, too, banks and insurance companies are leaders with over 53 percent, while the service industry brings up the rear with just under 35 percent.
- Less than 40 percent of the companies surveyed use endpoint security technology. This is where retail comes off worst, at almost 18 percent. At 22 percent, public administration and the non-profit sector as well as health and social care do not cover themselves in glory.
- 3,5 percent of companies do not use any special protocols or technologies to protect against data loss.
Only 40 percent of companies use data loss prevention (DLP) software, although a modern approach to DLP gives companies more transparency and context, enables them to make faster and more accurate decisions and significantly reduces the risk of data loss. - Companies are increasingly using data security solutions that use artificial intelligence or machine learning. Already 59 percent of all companies in Germany rely on these technologies. Banks and insurance companies are again in the lead with almost 67 percent, while only a good 46 percent in the areas of public administration, non-profit, health and social services rely on artificial intelligence. Surprisingly, it is the large companies that say they use the fewest solutions with artificial intelligence or machine learning: 55 percent compared to 60 percent of companies with 1.000 to 2.000 employees and almost 64 percent of companies with 2.000 to 5.000 employees.
Background of the study
For the study, techconsult conducted a survey among 200 IT managers and decision-makers in German organizations with at least 1.000 employees. The respondents work in industry, trade, services, banks and insurance companies as well as public administration, non-profit organizations or health and social services. The survey took place in August 2022. The study is available online for download.
More at proofpoint.com
About Proofpoint Proofpoint, Inc. is a leading cybersecurity company. The focus for Proofpoint is the protection of employees. Because these mean the greatest capital for a company, but also the greatest risk. With an integrated suite of cloud-based cybersecurity solutions, Proofpoint helps organizations around the world stop targeted threats, protect their data, and educate enterprise IT users about the risks of cyberattacks.